Today's tutorial is about debugging and FASM with the fdbg tool.
For debugging and testing you can use any debugger, but you can use the
You can find here all versions for these operating systems: GUI for Windows x64, Windows x64, Linux x64 and UEFI x64.
I used the Linux x64 version for this tutorial.
I downloaded and unpacked it into a folder named fdbg:

```
[mythcat@desk fdbg]$ ls
fdbg help.txt src
```
You can link this tool into /usr/bin, /bin or $HOME/bin; see these commands:

```
[mythcat@desk fdbg]$ sudo ln -s fdbg /usr/bin
[sudo] password for mythcat:
[mythcat@desk fdbg]$ ls
fdbg help.txt src
[mythcat@desk fdbg]$ ls /usr/bin | grep fdbg
fdbg
[mythcat@desk fdbg]$ ls -l /usr/bin | grep fdbg
lrwxrwxrwx. 1 root root 4 Aug 16 12:06 fdbg -> fdbg
```

You can see all permissions for this symlink.
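The listing shows the link stored as `fdbg -> fdbg`: a relative target is resolved from the link's own directory, so a link created this way points at itself instead of at the unpacked binary. The sandboxed script below is an added example, not part of the original tutorial; the temporary directories, the placeholder `fdbg` script and the function names `link_state`, `link_relative`, `link_absolute` and `make_sandbox` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. SRC and BIN are constructed sandbox directories standing in for
# the unpacked fdbg folder and for a bin directory on PATH (e.g. $HOME/bin).

# Report how a symlink resolves: "ok", "broken" (dangling or self-referential) or "missing".
link_state() {
    if [ -L "$1" ] && [ -e "$1" ]; then
        echo ok
    elif [ -L "$1" ]; then
        echo broken
    else
        echo missing
    fi
}

# Link with the relative name, as in the session above. The stored target "fdbg"
# is looked up inside the bin directory, so the link refers to itself.
link_relative() {   # $1 = source dir, $2 = bin dir
    rm -f "$2/fdbg"
    ( cd "$1" && ln -s fdbg "$2" )
    link_state "$2/fdbg"
}

# Link with an absolute target so the link resolves from any directory.
link_absolute() {   # $1 = source dir, $2 = bin dir
    rm -f "$2/fdbg"
    ln -s "$1/fdbg" "$2/fdbg"
    link_state "$2/fdbg"
}

# Build the constructed sandbox with a placeholder executable named fdbg.
make_sandbox() {
    SANDBOX=$(mktemp -d)
    SRC="$SANDBOX/fdbg"
    BIN="$SANDBOX/bin"
    mkdir -p "$SRC" "$BIN"
    printf '#!/bin/sh\necho fdbg placeholder\n' > "$SRC/fdbg"
    chmod +x "$SRC/fdbg"
}

make_sandbox
echo "relative target: $(link_relative "$SRC" "$BIN") -> $(readlink "$BIN/fdbg")"
echo "absolute target: $(link_absolute "$SRC" "$BIN") -> $(readlink "$BIN/fdbg")"
rm -rf "$SANDBOX"
```

Linking into `$HOME/bin` with an absolute target works the same way and needs no sudo.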
The next step is to have a file to debug, so I duplicated the tool itself with the cp command:

```
[mythcat@desk fdbg]$ cp fdbg fdbg_test
```
Let’s start the debugging process with this tool and use h to see the help:
```
[mythcat@desk fdbg]$ ./fdbg fdbg_test
0000000100000078 > lea rsi,[0000000100000155] ; []=0FC9FF240C8B01FC
h
Note! Case sensitive, 1 space only, no tabs, no space at the end!
h help, e.g. help about r command: h r
g go, run program
l leave debugged program to run (detach) and quit fdbg
k kill debugged program and quit fdbg
s step one instruction exactly (TrapFlag mode)
t step through call loop rep (putting bp after instruc and executing go)
u run until return from procedure
r display/change register(s)
c display disassembled code
d dump data as hexa bytes and text
e display stack as qwords and text
m write memory
b set breakpoint
a remove breakpoint
x set hardware breakpoint / display them
y remove hardware breakpoint / display them
f file operations (save memory into a file, load memory from a file)
ENTER repeats previous command
address/value/register/symbol can be:
hexa_value examples: 1000003a5, 4000E1
register+-hexa_value examples: rip, rip+5, rsp+20, r9-a2, r12-12
symbol+-hexa_value examples: proc02, label5-6C, label1+d, hash03-2
```
Now you can use this tool very easily, for example c to display the disassembled code and r to display the registers:

```
[mythcat@desk fdbg]$ ./fdbg fdbg_test
0000000100000078 > lea rsi,[0000000100000155] ; []=0FC9FF240C8B01FC
c
0000000100000078 > lea rsi,[0000000100000155] ; []=0FC9FF240C8B01FC
000000010000007F lea rdi,[0000000100005100] ; []=0000000000000000
0000000100000086 push rdi
0000000100000087 call 00000001000000E1
000000010000008C push rdi
000000010000008D pop rbp
000000010000008E pop rdi
000000010000008F push rdi
r
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000 rdx=0000000000000000
rsp=00007FFF7B86DF70 rbp=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000
r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000
rip=0000000100000078
rflags=0000000000000200
cf=0 pf=0 af=0 zf=0 sf=0 tf=0 if=1 df=0 of=0
```